Privacy-aware agent tools and configs
Resources that help teams review local files, credentials, logs, telemetry, and third-party access before adopting agent workflows.
Resources that help teams review local files, credentials, logs, telemetry, and third-party access before adopting agent workflows.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
1 trust signal differ across this comparison (Package trust).
Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.
| Field | Build layered defenses against prompt injection, data exfiltration, and unsafe tool execution in AI agent systems. Open dossier | Expert code-review capability pack for deterministic PR audits, risk-ranked findings, and low-noise fix planning without SaaS lock-in. Open dossier | Build applications, analyze traffic, and manage security settings through Cloudflare Open dossier | Expert EVM capability skill for secure contract architecture across Ethereum and Base, including Foundry testing and operational controls. Open dossier | Build and harden Ethereum smart contracts with Foundry, invariant testing, and battle-tested OpenZeppelin security patterns. Open dossier |
|---|---|---|---|---|---|
| Next stepsDiffers | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified2026-04-10 | Package verified2026-04-11 | Package verified | Package verified2026-04-10 | Package verified2026-04-10 |
| Source provenance | No submission link | No submission link | No submission link | No submission link | No submission link |
| Submitter | — | — | — | — | — |
| Install risk | Low risk | Low risk | Low risk | Low risk | Low risk |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — | — | |
| Category | skills | skills | mcp | skills | skills |
| Source | First-party | First-party | First-party | First-party | First-party |
| Author | JSONbored | JSONbored | Cloudflare | JSONbored | JSONbored |
| Added | 2026-04-10 | 2026-04-11 | 2025-09-18 | 2026-04-10 | 2026-04-10 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Treat findings and generated mitigations as review inputs; validate suspected vulnerabilities and patches before changing production controls. Coordinate disclosure-sensitive security work privately and avoid running destructive probes outside authorized systems. | ✓Installs from a downloaded package and may run local commands or scaffold files as part of the workflow; review the package and any generated changes before applying. | ✓Use a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services. | ✓Do not deploy or transact from generated contract code without independent review, tests, and a dry run; smart contract mistakes can be irreversible. Use local forks or testnets before mainnet and keep deployment wallets and RPC credentials least-privileged. | ✓Do not deploy or transact from generated contract code without independent review, tests, and a dry run; smart contract mistakes can be irreversible. Use local forks or testnets before mainnet and keep deployment wallets and RPC credentials least-privileged. |
| Privacy notes | ✓Security prompts and reports can include source snippets, vulnerability details, internal URLs, dependency metadata, and operational context. Redact secrets, customer data, exploit details, private infrastructure names, and unreleased findings before sharing outputs publicly. | ✓Operates on your local project files and any context you share in the session; review what you expose before sharing — nothing is sent beyond the model unless a step calls an external service. | ✓Zone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context. | ✓Prompts and reports can include contract source, audit findings, addresses, deployment config, and transaction context. Never paste private keys, seed phrases, unreleased exploit details, customer wallet data, or privileged RPC credentials into prompts. | ✓Prompts and reports can include contract source, audit findings, addresses, deployment config, and transaction context. Never paste private keys, seed phrases, unreleased exploit details, customer wallet data, or privileged RPC credentials into prompts. |
| Prerequisites |
|
|
|
|
|
| Install | | | | | |
| Config | — | — | | — | — |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
Prompt Injection Defense Guardrails Skill
Implement practical prompt injection defenses with policy gates, tool constraints, and adversarial test cases.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutPrompt Injection Defense Guardrails Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 02
Code Review Automation Capability Pack Skill
Run a local, repeatable PR review loop with severity scoring, false-positive control, and fix-ready output.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutCode Review Automation Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 03
Cloudflare MCP Server - MCP Servers
Build applications, analyze traffic, and manage security settings through Cloudflare
Added 10mo agoSafety ✓ Privacy ✓by CloudflareWhy it made the cutCloudflare MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 04
Ethereum Base Smart Contract Security Capability Pack Skill
Deep smart contract security skill covering Solidity design, test rigor, deployment hygiene, and post-launch risk controls.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutEthereum Base Smart Contract Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 05
Ethereum Solidity Security Foundry Skill
Smart contract development skill focused on secure Solidity architecture, testing rigor, and safer deployment practices.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutEthereum Solidity Security Foundry Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 06
GitHub Actions Secure CI/CD Capability Pack Skill
Deep CI/CD security and reliability skill for GitHub Actions with reusable workflows, policy checks, and hardened automation patterns.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutGitHub Actions Secure CI/CD Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 07
MCP Server Authoring Security Capability Pack Skill
MCP server skill for secure tool design, authorization boundaries, contract stability, and production safety controls.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutMCP Server Authoring Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 08
MCP Server Security Hardening Skill
Harden Model Context Protocol servers with practical controls for auth, tool scope, input validation, and supply-chain risk.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutMCP Server Security Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 09
n8n Production Security Capability Pack Skill
Deep n8n production security skill for safe AI workflows, credential protection, and incident-ready operations.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutn8n Production Security Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 10
OpenClaw Agent Ops Hardening Skill
Production hardening for OpenClaw deployments, including permissions, network segmentation, and abuse-resistant agent controls.
Level:advancedType:generalVerified:draftAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutOpenClaw Agent Ops Hardening Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 11
OpenClaw Operator Capability Pack Skill
Deep operational OpenClaw skill for maintaining secure, reliable, and cost-aware multi-agent systems.
Level:expertType:capability-packVerified:validatedAdded 3mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutOpenClaw Operator Capability Pack Skill is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 12
Socket MCP Server for Claude
Security analysis and vulnerability scanning for dependencies
Added 10mo agoSafety ✓ Privacy ✓by SocketWhy it made the cutSocket MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 13
Stytch MCP Server for Claude
Configure and manage Stytch authentication services and workspace settings
Added 10mo agoSafety ✓ Privacy ✓by StytchWhy it made the cutStytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 14
AWS CloudTrail MCP Server
Connect Claude to AWS CloudTrail to look up account events, analyze user activity, track API calls, and run CloudTrail Lake SQL for audits.
Added 28d agoSafety ✓ Privacy ✓by AWS Labs · submitted by jaso0n0818Why it made the cutAWS CloudTrail MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 15
Dependency Security Audit
Stop hook that runs npm audit, pip-audit, safety, or bundler-audit at session end and saves a timestamped CVE report.
Trigger:StopAdded 10mo agoSafety ✓ Privacy ✓by JSONboredWhy it made the cutDependency Security Audit is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 16
Hardcoded Secret Pre-Write Guard Hook
Block Write and Edit operations that embed common hardcoded credential shapes.
Trigger:PreToolUseAdded 1mo agoSafety ✓ Privacy ✓by kiannidevWhy it made the cutHardcoded Secret Pre-Write Guard Hook is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 17
MCP Local Tool Access Rules
Keep MCP local tool access bounded with tool inventories, root limits, transport checks, approval gates, credential separation, and privacy-safe logs.
Added 1mo agoSafety ✓ Privacy ✓by MkDev11Why it made the cutMCP Local Tool Access Rules is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 18
Prompt-Injection Content Scanner - Claude Code Hook
Warn or block when generated prompt/context files contain common instruction-override, secret-exfiltration, or hidden-command patterns.
Trigger:PreToolUseAdded 1mo agoSafety ✓ Privacy ✓by MkDev11Why it made the cutPrompt-Injection Content Scanner - Claude Code Hook is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.